CUPS and printer security
John A. Murdie
john at cs.york.ac.uk
Mon Aug 15 05:43:31 PDT 2005
Do CUPS and IPP implement a printer security mechanism, or is one planned?
I know of - and make use of - HP printers' restricted access list of IP addresses, which allow each printer to be configured so that they will only accept print requests and administrative configuration access (by telnet or to their web server) from one of the IP addresses in their list - which, of course, can be limited to one's print server. Thus you can be sure that any print usage accounting the print server performs is complete. (It is also useful, for instance, to prevent any pre-prepared commercial forms and settings on the printer being used by those not authorised for them; and to prevent printers coming under denial of service attacks - the servers and the desktop client systems at your site are secure, but your printers are wide open to attack.)
The access control lists are, of course, printer manufacturer specific. Does IPP and CUPs implement a more general security mechanism - perhaps one based on cryptographic key exchange?
John A. Murdie
Department of Computer Science
University of York
UK
More information about the cups
mailing list